54 Million Turkish Citizens data stoled by Russian Hackers

Researchers from KONDA Security firm have discovered that the Russian hackers have stolen personal information of 54 Million Turkish Citizens.

Unknown Russian hackers have reportedly stolen Personal details of nearly 54 million Turkish citizens, the data breach is clamorous if we consider that the figure represents nearly 70% of the whole Turkish population.

The Hurriyet daily news stated that researchers from KONDA Security firm have revealed that a Russian group of hackers has stolen voters data from a system of a political party, the information stolen includes Name, fathers’ names, ID numbers and addresses.

““I have heard about it. Hackers in Russia hold 54 million Turkish citizens’ ID numbers, addresses, father names,”  said the general manager of KONDA research company, Bekir Ağırdır, said last week in Ankara at a meeting to evaluate upcoming local elections in the country, according to a report on online news portal T24.

The main opposition party in Turkey, the Republican People’s Party (CHP) launched an “e-elector” initiative to provide transparence on the election and allow Turkish citizens to check electoral rolls and “detect deficiencies and mistakes through websites and mobile applications“.

As usual the first rumors on the data breach are puzzling, the system attached is used for database and website management and did not have any defense system installed, the website used to upload voters’ information appears also vulnerable.

“Some government institutions share people’s personal data online with other public and private bodies without ensuring the protection of data, said a State Audit Board (DDK) report titled “the National and International Situation Assessment over the Protection of Personal Data”, which was posted on the official website of the President’s Office on Dec. 13.”

The problems are common to almost all principal Ministries including the Justice and Health Ministries, the General Directorate of Population and Citizenship Affairs, the Social Security Board, the General Directorate of Land Registry and the Revenue Administration Directorate.

Resuming on one hand Turkish citizens ‘data are not properly managed by authorities, but at the same time the Turkish Government is profiling a number of groups based on religion and faith through the National Intelligence Organization (MİT) for intelligence purposes.

Prime Minister Recep Tayyip Erdoğan had categorically denied profiling activities, but they are reality for Turkish population like others.

In Turkey government offices have adopted separate regulations for the protection of personal information of Turkish citizens, it is desirable the adoption of a unique framework for the protection of personal data to define a shared conduct to follow.

“Data sharing among and between public and private institutions is being conducted in the absence of relevant legal parameters,” the report said.

A data breach is a frequent incident and numerous causes are concurring to increment their frequency including wrong victims’ habits, improper configuration of systems, ineffective patch management, absence of defense mechanisms and advanced persistent threats that are becoming even more sophisticated.

Pierluigi Paganini

(Security Affairs –  hacking vulnerability, Turkish Citizens)